<?php
/*
Author: Hallvard Westman
Project: Links
 -----------------------------------FOR SESSIONS-------------------------------------------------*/

session_start();
include 'userclass.php';
include 'db.php';

if (!$user->loggedOn()) {	//If sessions is not set, the user will be logged in by POST sent
	  $uname = $_POST['UserId'];
	if ($uname != 'Userid'){
    $pwd = substr(md5($_POST['Word']),0,32);	//Collects userid and encrypts password
  
    $sql = 'SELECT * FROM li_users WHERE UserId=:UserId AND Word=:Word';
    $sth = $db->prepare($sql);
    $sth->bindParam(':UserId', $uname);
    $sth->bindParam(':Word', $pwd);
    $sth->execute();    
    	if ($row = $sth->fetch())   {		//If user exists and login is correct		
        	$user->dologin($row['UserId']);
    	}
    	else {	// If user does not exist or password is wrong error is displayed
         header('Location: login.php?id=Wrong Username or Word');
    }
    }else
    	header('Location: login.php?id=Nono, you must write your own username');
} else {	
    $user->logout();	
    header('Location: index.php');
}
?>
